SC-900 | Chapter 31 of 103 | Objective 3.4

Microsoft Secure Score

This chapter covers Microsoft Secure Score, a core component of Microsoft 365 Defender that quantifies an organization's security posture. For the SC-900 exam, Secure Score appears in roughly 5-8% of questions, often in scenario-based items asking you to interpret a score or recommend actions to improve it. You will need to understand what Secure Score measures, how it is calculated, the difference between the three score categories, and how to use improvement actions. This chapter provides the depth required to answer every Secure Score question on the exam.

25 min read
Intermediate
Updated May 31, 2026

Credit Score for Your Security Posture

Imagine a credit bureau that continuously monitors your financial habits — how often you pay bills, your credit utilization, the diversity of your accounts — and gives you a single score between 300 and 850. But unlike a static credit score, this bureau also provides a prioritized list of actions: "Reduce credit utilization by 10% to gain 20 points" or "Open a new credit line to improve mix of credit." Each action has a point value and an expected impact. Microsoft Secure Score works exactly like this, but for your security posture. It aggregates signals from Microsoft 365 security services (Azure AD, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and more) and calculates a score from 0 to 100%. The score reflects how many security controls you have implemented compared to the total possible. Each recommended action — like enabling multi-factor authentication or turning on audit logging — has a specific point value. When you complete an action, your score increases. The score is recalculated periodically (every 24 hours by default) based on the latest telemetry. Just as a credit score helps lenders decide risk, Secure Score helps organizations gauge their security maturity and prioritize improvements.

How It Actually Works

What Is Microsoft Secure Score?

Microsoft Secure Score is a measurement of an organization's security posture within Microsoft 365 and Azure. It is a numerical value (0 to 100%) that represents the percentage of security controls you have implemented relative to the total possible. The higher the score, the better your security posture. Secure Score is part of the Microsoft 365 Defender portal and is accessible at https://security.microsoft.com/securescore. It is designed to help organizations:

Understand their current security posture

Identify gaps and prioritize remediation

Track progress over time

Benchmark against similar organizations

How Secure Score Is Calculated

Secure Score aggregates data from multiple Microsoft security products, including:

Azure Active Directory (now Microsoft Entra ID)

Microsoft Defender for Endpoint

Microsoft Defender for Office 365

Microsoft Defender for Identity

Microsoft Defender for Cloud Apps

Microsoft Intune

Azure Security Center (now Microsoft Defender for Cloud)

Microsoft 365 compliance center (for data loss prevention, retention labels, etc.)

Each product contributes a set of improvement actions — specific configurations or activities that improve security. Each improvement action has a point value. The total possible points sum to 100%. Your score is the percentage of achieved points out of the total possible.

Formula:

Secure Score = (Achieved Points / Total Possible Points) * 100

Points are assigned based on the security benefit and difficulty of implementation. For example, enabling multi-factor authentication for all users might be worth 20 points, while enabling audit logging might be worth 5 points.

Score Categories

Secure Score divides improvement actions into three categories:

Basic: Actions that are easy to implement but have limited security impact. Example: enabling password expiration policies. These are often low-hanging fruit.

Important: Actions that significantly reduce risk but may require more effort. Example: enabling conditional access policies.

Highly Important: Actions that provide the highest security benefit but may be complex or disruptive. Example: implementing Azure AD Privileged Identity Management (PIM).

The exam expects you to know these categories and be able to identify which actions fall into each.

Improvement Actions

Each improvement action has:

Title (e.g., "Enable multi-factor authentication for all users")

Description of the action

Category (Basic, Important, Highly Important)

Point value (e.g., 10 points)

Status (Completed, Not completed, or Partial)

Impact on other services or users

Implementation steps

Some actions are scored automatically based on telemetry from your tenant. Others require manual verification or configuration.

Score History and Trends

Secure Score provides a Score History chart showing your score over the last 90 days. You can also view Score Trends to see if your score is improving or declining. The exam may ask you to interpret a trend graph to determine whether security posture is improving.

License Requirements

Secure Score is available to all Microsoft 365 customers, but the number of available improvement actions depends on your license. For example:

Office 365 E1/E3/E5 – limited set of actions

Microsoft 365 E3/E5 – full set of actions, including those from Defender for Endpoint and Identity

Azure AD Premium P1/P2 – additional identity-related actions

The exam may test that Secure Score is available in all Microsoft 365 plans but that the breadth of actions varies.

How to Access Secure Score

1. Go to https://security.microsoft.com/securescore

2. Sign in with an account that has the Global Admin or Security Admin role (or equivalent)

3. The dashboard shows your overall score, score history, and top improvement actions

You can also use Microsoft Graph API to programmatically access Secure Score data.

What Is NOT in Secure Score?

Secure Score does NOT measure:

Compliance with regulations (that's Compliance Score)

Actual attacks or incidents

User behavior (except as reflected in configurations)

On-premises infrastructure not connected to Microsoft 365

The exam often includes a distractor that conflates Secure Score with Compliance Score. They are separate tools in the Microsoft 365 Defender and Compliance portals.

How Secure Score Interacts with Other Tools

Microsoft 365 Defender: Secure Score is a core component of the Defender portal. It provides a unified view of security posture.

Compliance Score: While Secure Score focuses on security controls, Compliance Score measures compliance with regulatory standards (e.g., GDPR, ISO 27001). They share some underlying data but serve different purposes.

Azure Security Center (Defender for Cloud): For Azure resources, Secure Score includes actions from Azure Security Center, but the Azure Secure Score is separate from the Microsoft 365 Secure Score. However, they are conceptually similar.

Configuration and Verification

There is no configuration needed to enable Secure Score — it is automatically calculated based on your tenant's configuration. However, to see all improvement actions, you may need to assign appropriate licenses and roles.

To verify your Secure Score:

Navigate to Microsoft 365 Defender > Secure Score

Or use Graph API:

GET https://graph.microsoft.com/v1.0/security/secureScores
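Added example (not from this chapter and not Microsoft's code) that works through the formula from "How Secure Score Is Calculated" and the Graph endpoint above: it parses constructed data in the shape of the secureScores and secureScoreControlProfiles responses, applies achieved / total * 100, reads the 90-day trend, compares against the benchmark and ranks the unearned points per improvement action. Field names follow Graph's secureScore and secureScoreControlProfile resources; the sample values, control names and point values are invented, and the benchmark comparison assumes averageScore is on the same points scale as currentScore.

```python
import json

# Constructed sample data shaped like two Graph responses (values are invented):
#   GET https://graph.microsoft.com/v1.0/security/secureScores  (one record per day)
#   GET https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles
SCORES_JSON = json.dumps({"value": [
    {"createdDateTime": "2026-05-31T00:00:00Z", "currentScore": 42.0, "maxScore": 100.0,
     "averageComparativeScores": [{"basis": "TotalSeats", "averageScore": 55.0}],
     "controlScores": [
         {"controlName": "MFARegistrationV2", "controlCategory": "Identity", "score": 0.0},
         {"controlName": "AuditLogSearch", "controlCategory": "Data", "score": 5.0},
         {"controlName": "IdentityProtection", "controlCategory": "Identity", "score": 0.0}]},
    {"createdDateTime": "2026-05-24T00:00:00Z", "currentScore": 38.0, "maxScore": 100.0,
     "averageComparativeScores": [{"basis": "TotalSeats", "averageScore": 55.0}],
     "controlScores": []},
]})
PROFILES_JSON = json.dumps({"value": [
    {"id": "MFARegistrationV2", "maxScore": 15.0,
     "title": "Enable multi-factor authentication for all users"},
    {"id": "AuditLogSearch", "maxScore": 5.0, "title": "Enable audit logging"},
    {"id": "IdentityProtection", "maxScore": 10.0,
     "title": "Enable Azure AD Identity Protection"},
]})

def percentage(record):
    """The chapter's formula: achieved points / total possible points * 100."""
    return round(100.0 * record["currentScore"] / record["maxScore"], 1)

def trend(records):
    """Read the history the way the exam does: newest daily record vs oldest."""
    ordered = sorted(records, key=lambda r: r["createdDateTime"])
    first, last = percentage(ordered[0]), percentage(ordered[-1])
    if last > first:
        return "improving"
    if last < first:
        return "declining"
    return "flat"

def benchmark_gap(record, basis="TotalSeats"):
    """Points above (+) or below (-) the average; assumes averageScore shares currentScore's scale."""
    avg = next(c["averageScore"] for c in record["averageComparativeScores"]
               if c["basis"] == basis)
    return round(record["currentScore"] - avg, 1)

def top_gaps(record, profiles, limit=3):
    """Rank improvement actions by points still unearned, largest gain first."""
    by_id = {p["id"]: p for p in profiles}
    gaps = []
    for control in record["controlScores"]:
        profile = by_id.get(control["controlName"])
        if profile is None:       # control without a known profile: cannot size the gap
            continue
        remaining = profile["maxScore"] - control["score"]
        if remaining > 0:         # completed controls (score == maxScore) are skipped
            gaps.append((profile["title"], remaining))
    return sorted(gaps, key=lambda g: -g[1])[:limit]

def analyse(scores_json=SCORES_JSON, profiles_json=PROFILES_JSON):
    """Summarise the latest record: percentage, trend, benchmark gap and top gaps."""
    records = json.loads(scores_json)["value"]
    profiles = json.loads(profiles_json)["value"]
    latest = max(records, key=lambda r: r["createdDateTime"])
    return {"score_pct": percentage(latest), "trend": trend(records),
            "vs_benchmark": benchmark_gap(latest), "top_gaps": top_gaps(latest, profiles)}
```

Against a live tenant you would feed the two endpoints' JSON bodies into analyse() in place of the constructed strings; the top_gaps output is the same "which action moves the score most" question the exam asks.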

Default Values and Timers

Score recalculates every 24 hours (approximately)

Score history retained for 90 days

Points for an action are awarded when the action is completed (status changes to "Completed")

Some actions may require up to 48 hours to reflect in the score after completion

The exam may test these timers.

Exam Tips

Know the three categories: Basic, Important, Highly Important

Know that Secure Score is a percentage (0-100%)

Know that it is based on improvement actions from multiple Microsoft 365 security products

Do not confuse with Compliance Score

Understand that Secure Score is available to all Microsoft 365 customers but with varying action sets

Be able to interpret a score trend: increasing score = improving posture

Remember that Secure Score is calculated every 24 hours

Walk-Through

1. Access the Secure Score Dashboard

Navigate to Microsoft 365 Defender portal (https://security.microsoft.com) and select **Secure Score** from the left navigation. This opens the main dashboard showing your overall score (percentage), a score history chart (last 90 days), and a list of top improvement actions. The dashboard also shows your score compared to organizations of similar size and industry (benchmark). You must have at least the Security Reader role to view the dashboard; Global Admin or Security Admin roles are needed to take action on improvement actions.

2. Review Improvement Actions

Scroll down to the **Improvement actions** list. Each action is shown with its title, category (Basic/Important/Highly Important), point value, and status. You can filter by product (e.g., Azure AD, Defender for Endpoint) or by category. Click on any action to see detailed information: description, steps to implement, potential impact, and how it affects your score. The exam may ask you to identify which action would have the greatest impact on the score.

3. Implement an Improvement Action

From the action details page, click **Open** to go directly to the configuration page in the relevant admin center (e.g., Azure AD, Exchange admin center). Follow the steps to enable the control. For example, to enable MFA, you might go to Azure AD > Users > Per-user MFA and enable it for all users. After implementation, the action's status will update automatically within 24-48 hours. Some actions require manual verification (marked as 'Manual' in the action list).

4. Monitor Score Changes

After implementing actions, the score recalculates every 24 hours. You can see the updated score on the dashboard and in the score history chart. The chart shows daily scores, and you can hover over points to see the exact value. A rising score indicates improvement. The exam may show a chart and ask you to determine if the security posture is improving or declining based on the trend.

5. Compare Against Benchmarks

Secure Score provides a **Benchmark** comparison showing how your score stacks up against organizations with similar industry and employee count. This helps understand relative security maturity. The benchmark is based on aggregated, anonymized data from other Microsoft 365 tenants. You can view this on the dashboard under the 'Your score vs. organizations like yours' section. The exam may test that Secure Score includes a benchmarking feature.

What This Looks Like on the Job

Enterprise Scenario 1: Improving Identity Security

A mid-sized company with 5,000 employees uses Microsoft 365 E5 licenses. Their Secure Score is 42%, which is below the industry benchmark of 55%. The security team reviews improvement actions and finds that 'Enable multi-factor authentication for all users' is worth 15 points and is currently not completed. They also see 'Enable Azure AD Identity Protection' worth 10 points. They prioritize these actions. After enabling MFA for all users (using Conditional Access policies), the score increases to 57% after the next recalculation. They also enable Identity Protection, adding another 10 points. Over three months, they implement several other actions and reach 78%. The score trend helps them demonstrate improvement to management.

Enterprise Scenario 2: Post-Merger Security Assessment

A global enterprise acquires a smaller company and needs to assess the acquired company's security posture. The acquired company uses Microsoft 365 Business Premium. The security team accesses Secure Score for the acquired tenant and sees a score of 31%. They identify critical gaps: no audit logging enabled (worth 5 points), no anti-malware policies (8 points), and no data loss prevention (12 points). They use the improvement actions as a checklist to bring the acquired tenant up to the parent company's standards. Within six months, they raise the score to 65% by implementing the top 20 actions.

Scenario 3: Misconfiguration Leading to Score Drop

A company's Secure Score suddenly drops from 75% to 68%. Investigation reveals that a recent Office 365 change disabled audit logging for mailboxes, causing the corresponding improvement action to revert to 'Not completed.' The score drop is automatically reflected in the next 24-hour recalculation. The team re-enables audit logging and the score returns to 75% within 48 hours. This highlights that Secure Score is dynamic and reflects real-time configuration changes. Common misconfigurations that impact score include accidental disabling of security features, license expirations, or policy changes.

Performance and Scale Considerations

Secure Score is calculated per tenant and has no performance impact on end users. The calculation runs in the background in Microsoft's cloud services. Because the score is based on telemetry from multiple sources, changes can take up to 48 hours to be reflected. For very large tenants (hundreds of thousands of users), the calculation still completes within the standard 24-hour cycle. The benchmark comparison is updated quarterly.

How SC-900 Actually Tests This

What SC-900 Tests on Secure Score

SC-900 objective 3.4 specifically covers: 'Describe the capabilities of Microsoft Secure Score.' The exam expects you to:

Define Secure Score as a measurement of security posture

Explain how it is calculated (percentage of completed improvement actions)

Identify the three categories: Basic, Important, Highly Important

Differentiate Secure Score from Compliance Score

Recognize that Secure Score is available in all Microsoft 365 plans (but with varying actions)

Interpret score trends and benchmark comparisons

Common Wrong Answers and Why Candidates Choose Them

1. 'Secure Score measures compliance with regulations.' This is wrong because Secure Score measures security posture, not compliance. Compliance Score is the tool for regulatory compliance. Candidates confuse the two because they are both in the Microsoft 365 Defender/Compliance portals.

2. 'Secure Score is a static number that never changes.' Wrong: Secure Score recalculates every 24 hours based on current configurations. Candidates may think it's a one-time assessment.

3. 'Secure Score requires Azure AD Premium P2 license.' Wrong: Secure Score is available to all Microsoft 365 customers, though the number of improvement actions depends on licenses. Candidates often overestimate licensing requirements.

4. 'Improvement actions have equal point values.' Wrong: point values vary based on security impact. Candidates might assume all actions are worth the same.

Specific Numbers and Terms That Appear on the Exam

Score range: 0 to 100%

Recalculation frequency: every 24 hours

Score history retention: 90 days

Three categories: Basic, Important, Highly Important

Benchmark comparison: 'Your score vs. organizations like yours'

The term 'Improvement actions' (not 'recommendations' or 'tasks')

Edge Cases and Exceptions

If a license expires, improvement actions tied to that product may revert to 'Not completed' and score drops.

Some improvement actions are manual — they require the admin to mark them as completed after implementation.

Secure Score does not include on-premises resources unless they are connected via Azure Arc or other Microsoft monitoring.

How to Eliminate Wrong Answers

If the question mentions 'compliance,' 'GDPR,' or 'regulatory,' the answer is likely Compliance Score, not Secure Score.

If the question asks about a static number, it's wrong — Secure Score changes.

If the question says all actions are worth the same points, it's wrong.

If the question implies Secure Score requires a specific license to be used at all, it's wrong (it's available to all).

Key Takeaways

Microsoft Secure Score is a percentage (0-100%) representing the implementation of security controls in Microsoft 365.

Score recalculates every 24 hours based on telemetry from multiple security products.

Improvement actions are categorized as Basic, Important, or Highly Important.

Secure Score is available to all Microsoft 365 customers, but the number of actions varies by license.

Secure Score is not the same as Compliance Score; the latter measures regulatory compliance.

Score history is retained for 90 days and can be used to track progress.

Benchmark comparison shows your score relative to similar organizations.

Some improvement actions are manual and require admin to mark as completed.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

Microsoft Secure Score

Measures security posture (configurations to prevent attacks)

Score from 0 to 100%

Available in Microsoft 365 Defender portal

Improvement actions focus on security controls (MFA, audit logging, etc.)

Does not map to specific regulations

Microsoft Compliance Score

Measures compliance with regulatory standards (GDPR, ISO 27001, etc.)

Score from 0 to 100% (but based on compliance controls)

Available in Microsoft 365 Compliance portal

Improvement actions focus on compliance controls (data retention, privacy policies, etc.)

Maps to specific regulatory frameworks

Watch Out for These

Mistake: Secure Score measures how secure my organization is against real attacks.

Correct: Secure Score measures the implementation of security controls, not actual security against attacks. A high score means you have configured many recommended controls, but it does not guarantee you won't be breached.

Mistake: The Secure Score is updated in real time as soon as I make a change.

Correct: The score recalculates approximately every 24 hours. Some changes may take up to 48 hours to reflect. It is not real time.

Mistake: All improvement actions are worth the same number of points.

Correct: Point values vary based on the security importance and difficulty. Highly Important actions are worth more than Basic actions. For example, enabling MFA might be worth 15 points, while enabling audit logging might be worth 5.

Mistake: Secure Score is only available with Microsoft 365 E5 licenses.

Correct: Secure Score is available to all Microsoft 365 and Office 365 customers, including Business and Enterprise plans. However, the number of improvement actions visible depends on the licenses you have.

Mistake: Secure Score and Compliance Score are the same thing.

Correct: Secure Score measures security posture (configurations that reduce risk), while Compliance Score measures compliance with regulatory standards (e.g., GDPR, ISO 27001). They are separate tools in different portals (Defender vs. Compliance).


Frequently Asked Questions

How often is Microsoft Secure Score updated?

Microsoft Secure Score is recalculated approximately every 24 hours. However, some changes may take up to 48 hours to reflect in the score. The score is not real-time; it is based on periodic telemetry collection from your Microsoft 365 tenant.

What is the difference between Secure Score and Compliance Score?

Secure Score measures your security posture by evaluating the implementation of security controls like MFA, audit logging, and threat protection. Compliance Score measures your adherence to regulatory standards such as GDPR, HIPAA, or ISO 27001. They are separate tools in different portals (Defender vs. Compliance), though they may share some underlying data.

Do I need a specific license to use Secure Score?

Secure Score is available to all Microsoft 365 and Office 365 customers, including Business, Enterprise, and Education plans. However, the number of improvement actions you see depends on your licenses. For example, actions from Microsoft Defender for Endpoint require E5 or a standalone license.

Can I improve my Secure Score by buying more licenses?

Buying licenses alone does not improve your score. You must implement the security controls associated with those licenses. For example, purchasing Azure AD Premium P2 gives you access to Identity Protection actions, but you still need to enable them to earn points.

What happens to my Secure Score if I disable a security feature?

If you disable a security feature that was previously enabled, the corresponding improvement action will revert to 'Not completed,' and your score will decrease at the next recalculation (within 24-48 hours). Secure Score reflects your current configuration.

Does Secure Score include on-premises infrastructure?

Secure Score primarily covers Microsoft 365 and Azure services. On-premises resources are not included unless they are connected via Azure Arc or managed by Microsoft Defender for Cloud. The exam focuses on cloud-based controls.

What is the maximum Secure Score?

The maximum Secure Score is 100%, indicating that all possible improvement actions for your licensed products have been implemented. However, achieving 100% may not be feasible for all organizations due to business requirements or technical constraints.
